WhatschatDocsGaming
Related
Night Street Games Charts a Different Course for Last Flag: Community Over Closure10 Surprising Facts About Game Quest: The Backlog BattlerPlayStation 5 Now Runs Linux: Steam Gaming Unlocked on Select ConsolesJace Beleren Creates a New Universe: What We Know About Magic: The Gathering's 'Reality Fracture'PlayStation VR2 Hits New Low Price at Best Buy: Under $2008 Ways Influencers Have Reshaped Gaming, According to Fallout Designer Tim CainFire Emblem's Forgotten Savior: How a 30-Year-Old Game Rescued the FranchiseMagic: The Gathering to Unleash 'The Hobbit' Expansion This August, Building on Lord of the Rings Success

How to Comply with Utah's SB 73 Age Verification Law Without Overstepping Privacy

Last updated: 2026-05-04 05:39:55 · Gaming

Introduction

Utah's Senate Bill 73 (SB 73), also known as the Online Age Verification Amendments, goes into effect on May 6. It makes Utah the first U.S. state to specifically target VPN usage in age verification requirements. Under this law, websites that host a substantial portion of material harmful to minors must verify users' ages—and they remain liable even if users bypass verification using a VPN. Critics, including the Electronic Frontier Foundation and NordVPN, warn that enforcing location-based age checks for VPN users is technically impossible and creates a liability trap. This guide provides a step-by-step approach for website operators to navigate SB 73's requirements while respecting user privacy and avoiding overreach.

How to Comply with Utah's SB 73 Age Verification Law Without Overstepping Privacy
Source: www.pcgamer.com

What You Need

  • Legal Counsel: Consult with an attorney familiar with Utah's digital privacy laws and age verification statutes.
  • Age Verification Solution: A third-party service that can verify age without excessive data collection (e.g., digital ID, credit card check, or biometric estimation).
  • VPN Detection Tools: Optional but useful—though be aware of their technical limitations and potential for false positives.
  • Privacy Policy Update: A revised privacy policy that explains how user data is collected, used, and stored for age verification.
  • Compliance Audit Framework: A documented process for reviewing and updating your practices as legal interpretations evolve.

Step-by-Step Guide

Step 1: Understand the Law's Requirements

Read SB 73 carefully. Key provisions include:

  • Websites with a substantial portion of material harmful to minors (broadly defined) must implement age verification.
  • Verification must be based on actual user location, regardless of whether a VPN is used.
  • The site cannot provide instructions on how to use a VPN to bypass age checks.
  • Noncompliance can result in civil penalties.

Work with legal counsel to determine if your website falls under the law's scope. Consider that even sites with minimal adult content may be affected if minors can access harmful material.

Step 2: Choose an Age Verification Method

Select a method that balances compliance with privacy. Options include:

  • Government ID Scan: High accuracy but intrusive. Requires secure data handling.
  • Credit Card Check: Verifies age through a card transaction (no purchase needed). Reliable but shares financial data.
  • Third-Party Age Estimation: AI-based analysis of facial features via webcam. Less accurate but less invasive.
  • Cross-Platform Verification: Using existing accounts (e.g., Google, Apple) that already hold age data.

Avoid storing verification data longer than necessary. Delete records after confirming age or complying with applicable retention laws.

Step 3: Address VPN Users

This is the trickiest part. The law holds you responsible for VPN users who are actually in Utah. Current technology cannot reliably detect all VPN use. Steps you can take:

  • Use IP geolocation databases that flag known VPN IP addresses. Accept that some genuine Utah users may be blocked.
  • Implement browser fingerprinting or behavior analysis to identify inconsistencies suggesting a VPN (e.g., IP from different country but timezone matches Utah).
  • Add a manual verification fallback: if a user claims to be blocked incorrectly, offer a secondary check (e.g., SMS code to a Utah area code).
  • Document your efforts to comply. If challenged, you can show you took reasonable steps, even if not perfect.

Note: The EFF warns that banning all known VPN IPs could sweep in legitimate privacy-conscious users outside Utah. Consider a softer approach: require age verification only when VPN is detected, not a blanket block.

How to Comply with Utah's SB 73 Age Verification Law Without Overstepping Privacy
Source: www.pcgamer.com

Step 4: Remove VPN Instruction Content

SB 73 prohibits giving instructions on how to use a VPN to bypass age verification. Review your website:

  • Remove any blog posts, FAQs, or tutorials that explain how to access blocked content using a VPN.
  • If you have a help section for VPN users, either delete it or rewrite it to avoid mentioning bypass methods.
  • Train customer support staff to not provide workaround advice.

Step 5: Update Your Privacy Policy and User Interface

Be transparent with users:

  • Explain why age verification is required and what data is collected.
  • State that VPN use does not exempt them from verification.
  • Offer a clear opt-out for data sharing beyond verification (if legally permissible).
  • Include a link to your privacy policy on the verification screen.

Step 6: Monitor Legal Developments and Prepare for Appeals

Age verification laws are evolving. Other states may follow Utah's lead, and federal legislation like the Parents Decide Act could create national standards. Stay informed:

  • Subscribe to updates from the EFF and other digital rights organizations.
  • Build a compliance team that meets quarterly to review changes.
  • Prepare a user appeal process: allow users to contest age verification decisions (e.g., if misidentified as underage).

Tips for Success

  • Prioritize Privacy: The Utah law raises valid privacy concerns. Minimize data collection to what is strictly necessary. Use anonymized age verification when possible.
  • Consider Global Impact: If you block VPN IPs or require age checks for everyone, users outside Utah will be affected. Weigh business impact against legal risk.
  • Test Thoroughly: Before going live, test your verification flow with real VPN users and legitimate Utah residents to identify false positives and negatives.
  • Document Everything: Keep records of your compliance efforts—geolocation checks, user appeals, and policy updates. This can be crucial in a legal dispute.
  • Consult Experts: Work with privacy engineers and legal specialists who understand both technical feasibility and regulatory requirements.
  • Stay Agile: Laws and technologies change. Regularly reassess your approach and update your systems. Join industry groups to share best practices.

Utah's SB 73 presents a significant challenge for website operators. By following these steps, you can aim for compliance while respecting user rights and minimizing overreach. Remember that no solution is perfect—but demonstrating good faith efforts is often the best defense.

See Also

External Resources

Meta Threatens to Remove Facebook, Instagram, WhatsApp from New Mexico Over 'Impossible' Safety DemandsGetting Started with .NET 10 on Ubuntu 26.04 (Resolute Raccoon)MLJAR Studio: A Desktop AI Data Analyst That Generates Reproducible NotebooksWeekly Security Patch Roundup: Major Linux Distributions Fix Critical FlawsAlibaba's Metis Agent Slashes Unnecessary Tool Calls by 96%, Achieves Record Accuracy